lokibot

General

Target

c3ee7aa257f5104face0c045d7aab897_JaffaCakes118
Size

352KB
Sample

240826-2hdq8azhqk
MD5

c3ee7aa257f5104face0c045d7aab897
SHA1

fb078f5e6dd3d3a7b6ae454c178e5cd5ce894eaf
SHA256

3ce0da0c38c03d7b86ec7b900e044e63ecd23813dec9755f2da59789ce685e41
SHA512

ecef5def5789a51c3f9404b8d8311a0f94582b87a700f78b8a9fb79f0cedbee8588d8b4467ad36c022bed665f85bc69a1aa7074221a2716df4888b0571e4465e
SSDEEP

3072:JQrP+TdYpaSHIG6mQwGmfOQd8YhY0/EqUGD:JC+Tdpcd6bUfFdXThU+

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://youthwinger.com/let/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  c3ee7aa257f5104face0c045d7aab897_JaffaCakes118
- Size
  
  352KB
- MD5
  
  c3ee7aa257f5104face0c045d7aab897
- SHA1
  
  fb078f5e6dd3d3a7b6ae454c178e5cd5ce894eaf
- SHA256
  
  3ce0da0c38c03d7b86ec7b900e044e63ecd23813dec9755f2da59789ce685e41
- SHA512
  
  ecef5def5789a51c3f9404b8d8311a0f94582b87a700f78b8a9fb79f0cedbee8588d8b4467ad36c022bed665f85bc69a1aa7074221a2716df4888b0571e4465e
- SSDEEP
  
  3072:JQrP+TdYpaSHIG6mQwGmfOQd8YhY0/EqUGD:JC+Tdpcd6bUfFdXThU+
Score

10^/10

lokibot spyware stealer trojan discovery
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2